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WHAT IS CLAIMED IS: 

1 . A method comprising: 

generating a policy digest for a cached policy at a client, the policy digest 
identifying at least one assertion the client is complying with; and 

including the policy digest in a request by the client to access a resource. 

2. The method of claim 1, wherein generating the policy digest includes 
generating a hash of the cached policy. 

3. The method of claim 1, wherein generating the policy digest includes 
encoding a bit vector identifying selected assertions from the cached policy. 

4. The method of claim 1, wherein generating the policy digest includes 
reading an assertion from the policy, assigning a bit value to the assertion, and 
writing the bit value to a bit vector. 

5. The method of claim 1, wherein generating the policy digest includes 
generating a hash of the cached policy if the cached policy is normalized. 
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6. The method of claim 1, further comprising: 
incrementing a counter each time the cached policy is used; and 
removing the cached policy from a cache at the client when the counter 

exceeds a limit value. 

7. The method of claim 1, further comprising: 

incrementing a counter for the cached policy when a fault is received at the 
client in response to using the cached policy; and 

removing the cached policy from a cache at the client when the counter 
exceeds a limit value. 

8. The method of claim 1, further comprising logging a diagnostic 
event when a fault is received at the client to identify a system problem. 
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9. A method comprising: 

extracting at a host a policy digest identifying a cached policy, the policy 
digest included in a request to access a resource; and 

denying access to the resource if the policy digest identifies an invalid 

policy. 

10. The method of claim 9, further comprising issuing a fault for the 
client if the policy digest identifies an invalid policy. 

1 1 . The method of claim 9, further comprising decoding the policy 

digest. 

12. The method of claim 9, further comprising decoding a bit vector of 
the cached policy. 

13. The method of claim 9, further comprising reading an assertion from 
the policy digest. 

14. The method of claim 9, further comprising reading a row hash of the 
cached policy. 
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15. A system comprising: 

a policy digest identifying at least one cached policy; and 
a messaging module denying access to a resource if the policy digest 
identifies an invalid policy for the resource. 

16. The system of claim 15, wherein the messaging module extracts the 
policy digest from a message requesting access to the resource. 

17. The system of claim 15, wherein the messaging module decodes the 
policy digest. 

1 8. The system of claim 15, wherein the policy digest is a bit vector of a 
cached policy. 

19. The system of claim 15, wherein the policy digest is a row hash of a 
normalized policy. 

20. The system of claim 15, wherein the policy digest identifies at least 
one selected assertion. 
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21 . A system comprising: 

a policy digest for a cached policy at a client, the policy digest identifying at 
least one assertion the client is complying with; and 

a messaging module including the policy digest in a request by the client to 
access a resource. 

22. The system of claim 21, wherein the messaging module encodes the 
policy digest. 

23. The system of claim 21 , wherein the policy digest is a bit vector of a 
cached policy. 

24. The system of claim 21 , wherein the policy digest is a row hash of a 
normalized policy. 

25. The system of claim 21, wherein the policy digest identifies at least 
one assertion selected by the client. 
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26. A computer program product encoding a computer program for 
executing on a computer system a computer process, the computer process 
comprising: 

generating a policy digest for a cached policy at a client, the policy digest 
identifying at least one assertion the client is complying with; and 

including the policy digest in a request by the client to access a resource. 

27. The computer program product of claim 26 wherein the computer 
process further comprises generating a hash of the cached policy. 

28. The computer program product of claim 26 wherein the computer 
process further comprises encoding a bit vector of the cached policy. 

29. The computer program product of claim 26 wherein the computer 
process further comprises reading an assertion from the policy, assigning a bit 
value to the assertion, and writing the bit value to a bit vector. 

30. The computer program product of claim 26 wherein the computer 
process further comprises generating a row hash of the cached policy if the cached 
policy is normalized. 
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31 . The computer program product of claim 26, wherein the computer 
process further comprises: 

incrementing a counter each time the cached policy is used; and 
removing the cached policy from a cache at the client when the counter 
exceeds a limit value. 

32. The computer program product of claim 26 wherein the computer 
process further comprises: 

incrementing a counter for the cached policy when a fault is received at the 
client in response to using the cached policy; and 

removing the cached policy from a cache at the client when the counter 
exceeds a limit value. 

33. The computer program product of claim 26 wherein the computer 
process further comprises triggering a diagnostic event when a fault is received at 
the client. 
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34. A computer program product encoding a computer program for 
executing on a computer system a computer process, the computer process 
comprising: 

extracting at a host a policy digest identifying a cached policy, the policy 
digest included in a request to access a resource; and 

denying access to the resource if the policy digest identifies an invalid 

policy. 

35. The computer program product of claim 34 wherein the computer 
process further comprises decoding the policy digest. 

36. The computer program product of claim 34 wherein the computer 
process further comprises decoding a bit vector of the cached policy. 

37. The computer program product of claim 34 wherein the computer 
process further comprises reading an assertion from the policy digest. 

38. The computer program product of claim 34 wherein the computer 
process further comprises reading a row hash of the cached policy if the cached 
policy is normalized. 
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